How to configure nginx on kubernetes 1.8.1 as ingress controller

By | November 28, 2017

What is an Ingress controller

An ingress controller is component in the kubernetes cluster that manages the trafic coming into the cluster. Through ingress configurations you can define the rules to access the containers in you pod. For more info refer to the official documentation.

Default backend

A default backend is required so ingress can redirect all the requests not matching any rule in ingress configuration.

First of all we are going to create a namespace for our ingress controller

kubectl create namespace ingress
1

Now we can create the default-backend-service.yaml and default-backend-deployment.yaml and apply them:

cat <<EOF > ./default-backend-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-backend
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: default-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-backend
        image: gcr.io/google_containers/defaultbackend:1.0
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
EOF
cat <<EOF > default-backend-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: default-backend
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: default-backend
EOF 
kubectl create -f default-backend-deployment.yaml -f default-backend-service.yaml -n ingress
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647

Ingress controller

The following nginx-ingress-controller-config-map.yamlnginx-ingress-controller-roles.yaml and
nginx-ingress-controller-deployment.yaml will, define a config map for the controller, define cluster role permissions and finally define the ingress controller itself.

cat <<EOF > ./nginx-ingress-controller-config-map.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-ingress-controller-conf
  labels:
    app: nginx-ingress-lb
data:
  enable-vts-status: 'true'
EOF
12345678910
cat <<EOF > ./nginx-ingress-controller-roles.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nginx-role
rules:
- apiGroups:
  - ""
  - "extensions"
  resources:
  - configmaps
  - secrets
  - endpoints
  - ingresses
  - nodes
  - pods
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - list
  - watch
  - get
  - update
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nginx-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-role
subjects:
- kind: ServiceAccount
  name: nginx
  namespace: ingress
EOF
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071
cat <<EOF > ./nginx-ingress-controller-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      labels:
        app: nginx-ingress-lb
    spec:
      terminationGracePeriodSeconds: 60
      serviceAccount: nginx
      hostNetwork: true
      containers:
        - name: nginx-ingress-controller
          image: gcr.io/google_containers/nginx-ingress-controller:0.8.3
          imagePullPolicy: Always
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            timeoutSeconds: 5
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-backend
            - --nginx-configmap=$(POD_NAMESPACE)/nginx-ingress-controller-conf
            - --v=2
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - containerPort: 80
            - containerPort: 443
            - containerPort: 18080
            - containerPort: 10254
EOF
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152

Now you should have the following files:
– nginx-ingress-controller-config-map.yaml
– nginx-ingress-controller-roles.yaml
– nginx-ingress-controller-deployment.yaml

You can now load them by running the following command:

kubectl create -f nginx-ingress-controller-config-map.yaml -f nginx-ingress-controller-roles.yaml -f nginx-ingress-controller-deployment.yaml -n ingress
1

This is the third of three articles, the other two are

Сomments аrchive